Chapter 3. Creating OpenShift Data Foundation cluster

Procedure

1. In the OpenShift Web Console, click Operators → Installed Operators to view all the installed operators.

   Ensure that the Project selected is openshift-storage.

2. Click on the OpenShift Data Foundation operator and then click Create StorageSystem.
3. In the Backing storage page, select the Create a new StorageClass using the local storage devices option.

4. Click Next.

   Important

   You are prompted to install the Local Storage Operator if it is not already installed. Click Install, and follow the procedure as described in Installing Local Storage Operator.

5. In the Create local volume set page, provide the following information:

   1. Enter a name for the LocalVolumeSet and the StorageClass.

      By default, the local volume set name appears for the storage class name. You can change the name.

   2. Choose one of the following:

      • Disks on all nodes

        Uses the available disks that match the selected filters on all the nodes.

      • Disks on selected nodes

        Uses the available disks that match the selected filters only on selected nodes.

        Important

        If the nodes selected do not match the OpenShift Data Foundation cluster requirement of an aggregated 30 CPUs and 72 GiB of RAM, a minimal cluster is deployed.

        For minimum starting node requirements, see the Resource requirements section in the Planning guide.

   3. Select SSD or NVMe to build a supported configuration. You can select HDDs for unsupported test installations.

   4. Expand the Advanced section and set the following options:

      Volume Mode	Block is selected by default.
      Device Type	Select one or more device type from the dropdown list.
      Disk Size	Set a minimum size of 100GB for the device and maximum available size of the device that needs to be included.
      Maximum Disks Limit	This indicates the maximum number of PVs that can be created on a node. If this field is left empty, then PVs are created for all the available disks on the matching nodes.

   5. Click Next.

      A pop-up to confirm the creation of LocalVolumeSet is displayed.

   6. Click Yes to continue.

6. In the Capacity and nodes page, configure the following:

   1. Select Enable arbiter checkbox if you want to use the stretch clusters. This option is available only when all the prerequisites for arbiter are fulfilled and the selected nodes are populated. For more information, see Arbiter stretch cluster requirements in Preparing to deploy storage cluster with disaster recovery enabled [Technology Preview].

      Select the arbiter zone from the dropdown list.

   2. Available raw capacity is populated with the capacity value based on all the attached disks associated with the storage class. This takes some time to show up.

      The Selected nodes list shows the nodes based on the storage class.

   3. Click Next.

7. Optional: In the Security and network page, configure the following based on your requirement:

   1. Select the Enable encryption checkbox to encrypt block and file storage.

   2. Choose one or both of the following Encryption level:

      • Cluster-wide encryption

        Encrypts the entire cluster (block and file).

      • StorageClass encryption

        Creates encrypted persistent volume (block only) using encryption enabled storage class.

   3. Select Connect to an external key management service checkbox. This is optional for cluster-wide encryption.

      1. Key Management Service Provider is set to Vault by default.
      2. Enter Vault Service Name, host Address of Vault server ('https://<hostname or ip>''), Port number and Token.

   4. Expand Advanced Settings to enter the additional settings and certificate details based on your Vault configuration:

      1. Enter the Key Value secret path in the Backend Path that is dedicated and unique to OpenShift Data Foundation.
      2. Optional: Enter the TLS Server Name and Vault Enterprise Namespace.
      3. Upload the respective PEM encoded certificate file to provide the CA Certificate, Client Certificate and Client Private Key.
   5. Click Save.

   6. Choose one of the following:

      • Default (SDN)

        If you are using a single network.

      • Custom (Multus)

        If you are using multiple network interfaces.

        1. Select a Public Network Interface from the dropdown.

        2. Select a Cluster Network Interface from the dropdown.

           Note

           If you are using only one additional network interface, select the single NetworkAttachementDefinition, that is,ocs-public-cluster for the Public Network Interface, and leave the Cluster Network Interface blank.

   7. Click Next.

8. In the Review and create page, review the configuration details.

   To modify any configuration settings, click Back to go back to the previous configuration page.

9. Click Create StorageSystem.

10. For cluster-wide encryption with Key Management System (KMS), if you have used the Vault Key/Value (KV) secret engine API, version 2, then you need to edit the configmap.

    1. In the OpenShift Web Console, navigate to Workloads → ConfigMaps.
    2. To view the KMS connection details, click ocs-kms-connection-details.

    3. Edit the configmap.

       1. Click Action menu (⋮) → Edit ConfigMap.

       2. Set the VAULT_BACKEND parameter to v2.

          kind: ConfigMap
          apiVersion: v1
          metadata:
            name: ocs-kms-connection-details
          [...]
          data:
            KMS_PROVIDER: vault
            KMS_SERVICE_NAME: vault
          [...]
            VAULT_BACKEND: v2
          [...]

       3. Click Save.